Netsparker's Web Application Security Blog

How to Evaluate Web Application Security Scanners

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Choosing an automated tool such as a web application security scanner is not a straight forward process.. Here is a complete guide to help you choose the right web vulnerability scanner, also known as web application security scanner for web vulnerability assessments and identifying vulnerabilities in web applications. Read More

Top 10 Mistakes when Performing a Web Vulnerability Assessment

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

In Information Technology there are numerous mistakes, oversights, and blunders that are repeated consistently day after day. But given what there is to lose when it comes to web application security, why not learn from the mistakes of others so you don’t get burned? This blog post lists the top 10 mistakes typical web application security experts do and that you need to be aware of when seeking out the real business risks in your web vulnerability assessments: Read More

ING EURASIA IT Audit Team Chooses Netsparker to Detect Web Application Vulnerabilities

Category: News - Last Updated: Tue, 10 Sep 2013 - by Robert Abela

ING Bank IT security team needed an easy to use and automatic web application security solution. In this case study they explain why Netsparker was the obvious choice; because it is an easy to use web application security scanner that penetration testers can use without the need to spend hours configuring it. Read the full case study to find out more about the benefits Netsparker customers such as ING Bank enjoy by choosing Netsparker. Read More

Getting developers on board to transition from part of the problem to part of the process

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Are your web application developers key players in the web application security equation? They are often the unsung heroes who help prevent many security problems from ever occurring, or closing down web vulnerabilities once identified. Yet in the real world they are often portrayed as a large part of the security problem. It doesn’t have to be that way. Read More

Oakland University uses Netsparker to Protect its Web Applications from Hacker Attacks

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Netsparker Case Study | In this case study Oakland University's security staff explain how Netsparker Web Application Security Scanner helped them identify web vulnerabilities in the always changing custom web applications. They also explain how important it is for them to have an easy to use web vulnerability scanner such as Netsparker to help all the team increase the visibility into the security of web applications. Read More

Should you pay for a Web Application Security Scanner?

Category: Web Security Readings - Last Updated: Wed, 13 Sep 2017 - by Robert Abela

If you ask 10 web security specialists which is their favorite web vulnerability scanner, most probably you will get 30 different answers. Digging deeper you will also find that while some prefer to use free tools, several others prefer to rely on a commercial web vulnerability scanning solution. This web security blog post highlights the differences between free web security tools and commercial web application security scanners. Read More

Web Application Security Testing should be part of QA Testing

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications. Read More

Why Web Vulnerability Testing Needs to be Automated

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually. Read More

Netsparker 3 Makes Web Application Security Easier and Affordable

Category: News - Last Updated: Tue, 25 Jun 2013 - by Robert Abela

Press Release | Netsparker announces Netsparker Web Application Security Scanner version 3.0. The new version of Netsparker reduces the web security scan time to enable you to improve productivity, it confirms your payment web applications are PCI compliant, and helps you automated much more of your web application security scanning. Read More

Netsparker used by Security Consultants to Identify Vulnerabilities in Thousands of Web Applications

Category: News - Last Updated: Mon, 22 May 2017 - by Robert Abela

In this Netsparker case study we see how Layers-7, an IT Security Consultancy firm, uses Netsparker Web Application Security Scanner to secure the web applications of its customers and help them be compliant with today's stringent requirements. They also explain how they could automated most of their security services with Netsparker and how they concluded that Netsparker is the best web vulnerability scanner that fits their needs. Read More

Create Own Scan Policies with Netsparker Scan Policy Editor

Category: Product Docs & FAQS - Last Updated: Tue, 23 May 2017 - by Onur Yilmaz

In Netsparker version 3 we introduced the Scan Policy Editor. The Scan Policy Editor allows Netsparker users to create new scan policies in which they can specify which web application vulnerability checks should be included in a web security scan. Read this blog post for more information on the Scan Policy Editor and how you can use it to create your own scan policies and launch more efficient web application security scans. Read More

A Detailed Look into the New Features and Improvements of Netsparker Version 3.0

Category: Releases - Last Updated: Thu, 26 Oct 2017 - by Onur Yilmaz

Netsparker Version 3 - By far way better than its predecessors, Netsparker Web Application Security Scanner version 3 makes web application security an easy task and allows web application security experts automate more than ever before. Generate PCI Compliance reports with Netsparker 3.0 to verify your web applications are PCI complaint. Read this blog post for more details of what is new and improved in Netsparker version 3.0. Read More

An XSS Vulnerability is Worth up to $10,000 According to Google

Category: Web Security Readings - Last Updated: Thu, 13 Jun 2013 - by Robert Abela

Google are willing to pay up to $10,000 to anyone who discovers a cross-site scripting vulnerability in one of their web applications. Why are Google doing so? Definitely not by coincidence. By exploiting a cross-site scripting vulnerability a malicious hacker can easily gain administrative access on a web application, gain control over it and where possible infiltrate deeper into the corporate network. Read this blog post for more information about the impact an exploited XSS can have on your business. Read More

Use Netsparker to Detect Ruby on Rails Vulnerabilities

Category: News - Last Updated: Tue, 11 Jun 2013 - by Robert Abela

Netsparker can detect vulnerabilities in Ruby and Rails web applications. In this blog post we explain how a Ruby on Rails Remote Code Execution Vulnerability is exploited in the wild and how you can check if your web applications are vulnerable to such vulnerability with Netsparker. Read More

The Dangerous Complexity of Web Application Security

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure it is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies for the modern trend of web application vulnerabilities, some of them can only be reproduced using automated means. Hence why the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do. Read More

False Negatives in Web Application Security

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

What are false negatives and what cases automated web application security scanners to not detect a vulnerability? In this web application security blog post Robert Abela explains what false negatives are and what to look for when searching for an automated web vulnerability scanner to ensure that it detects all vulnerabilities and leaves no false negatives behind for malicious attackers to exploit. Read More

South African Police Web Application for Whistleblowers Hacked via SQL Injection

Category: News - Last Updated: Tue, 28 May 2013 - by Robert Abela

The repercussions an exploited web application vulnerability such as an SQL Injection can have are a lot. For example in this particular case, by exploiting an SQL injection vulnerability malicious hackers published a list of whistleblowers in South Africa, endangering their lives. This example highlights the importance of identifying each and every web application vulnerability, since a malicious hacker only needs to exploit one. Full details about the attack in this blog post. Read More